The hacker who hit the Dutch certificate authority (CA) claims he has access to four other CAs.
In a statement, the hacker, who identified himself as 'Ichsun', said: “I just wanted to let the world know that anything you do will have consequences; anything your country did in the past, you have to pay for.”
He made reference to the Dutch government's alleged murder of Muslims.
Regarding the attack, Ichsun did not explain how it was done, but said Anonymous and LulzSec could learn from it as "there were so many zero-day bugs, methods and skill shows".According to Mikko Hypponen, chief research officer at F-Secure, Ichsun is also linked to the Comodo hack – because the latest statement came from the same Pastebin account as statements related to Comodo.
He said: “After Comodo, the hacker, who called himself Comodohacker, sent a series of messages via his Pastebin account. Then, at the end of March, it went silent. We've been keeping an eye on it, just in case the attacker will post something related to the DigiNotar case. He just did.”
Microsoft has updated the Certificate Trust List (CTL) hosted on Windows Update to remove DigiNotar; any attacks since 29 August targeting Internet Explorer users on Windows Vista and later platforms will likely fail.
Jonathan Ness of MSRC Engineering warned: “However, we should note that systems having previously encountered DigiNotar certificates may have cached DigiNotar as a trusted root CA. This cached list is updated client-side every seven days. Therefore, the last date on which any attack targeting Internet Explorer users on Windows Vista and later platforms might possibly be successful is 5 September.”
He added: “We are currently preparing an update for Windows XP and Windows Server 2003 platforms which will add DigiNotar to our Untrusted Certificate Store. This update will be available soon.”
Ness said attackers would not be able to use a fraudulent Windows Update certificate to install malware via the Windows Update servers, because the Windows Update client will only install binary payloads signed by the root certificate issued by Microsoft.